pipeline { | |
options { ... } | |
parameters { ... } | |
agent { ... } | |
stages { | |
stage('Test') { | |
when { |
jenkins: | |
Master: | |
Image: my-company/my-project/jenkins-x-image | |
ImageTag: 0.0.70-2 | |
Persistence: | |
mounts: | |
- name: jenkins-security-secrets | |
mountPath: /etc/jenkins-secrets | |
readOnly: true | |
volumes: |
jenkins: | |
Master: | |
Image: my-company/my-project/jenkins-x-image | |
ImageTag: 0.0.70-2 | |
Persistence: | |
mounts: | |
- name: jenkins-security-secrets | |
mountPath: /etc/jenkins-secrets | |
readOnly: true | |
volumes: |
$ cat google-oauth-config | |
...someClientID... | |
...someClientSecret... | |
$ cat authz_strategy_config | |
{ | |
"strategy": "GlobalMatrixAuthorizationStrategy", | |
"user_permissions": { | |
"authenticated": [ |
#!/usr/bin/env bash | |
# Execute with: | |
# ./refresh-jx-platform.sh | |
# or pass the JX_VERSION | |
# JX_VERSION=2.3.333 ./refresh-jx-platform.sh | |
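# Abort on any unhandled command failure (-e) and on use of an unset variable (-u).
set -eu
# Create a fresh temporary directory for JX_HOME.
# The assignment is kept separate from `export` on purpose: `export VAR=$(cmd)`
# returns the status of `export`, so a failing mktemp would not trip `set -e`
# and JX_HOME would be exported empty for everything that follows.
JX_HOME=$(mktemp -d)
export JX_HOME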
if [ -z "${JX_VERSION:-}" ]; then |
jenkins: | |
Master: | |
Image: my-reg/my-company/jenkins-x-image | |
ImageTag: 0.0.70-1 |
// SecurityRealm | |
import jenkins.model.Jenkins | |
import hudson.security.SecurityRealm | |
import org.jenkinsci.plugins.GithubSecurityRealm | |
clientID = null | |
clientSecret = null | |
securityRealm = null | |
// secret sanity check |
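# Print all arguments, joined by single spaces, to stderr and exit with status 1.
# printf replaces echo so that a message beginning with -n, -e or -E is printed
# literally instead of being consumed as an echo option.
die() {
  local IFS=' '   # "$*" joins on the first IFS character; pin it to a space
  printf '%s\n' "$*" >&2
  exit 1
}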
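# Print all arguments, joined by single spaces, to stderr and exit with status 0.
# Used when stopping early is not an error, so callers see a success status.
# printf replaces echo so that a message beginning with -n, -e or -E is printed
# literally instead of being consumed as an echo option.
dieGracefully() {
  local IFS=' '   # "$*" joins on the first IFS character; pin it to a space
  printf '%s\n' "$*" >&2
  exit 0
}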
confirm () { | |
# call with a prompt string or use a default | |
read -p "${1:-Are you sure?} [y/N]" -n 1 -r | |
[ -n "$REPLY" ] && echo # (optional) move to a new line | |
if [[ ! $REPLY =~ ^[Yy]$ ]]; then | |
dieGracefully "Received '${REPLY:-N}'. ${2:-Exiting gracefully}." |
$ kubectl -n kube-system get certificates | |
NAME READY SECRET AGE | |
jxing-nginx-ingress-controller-wildcard-prod True jxing-nginx-ingress-controller-wildcard-prod-tls 5d | |
jxing-nginx-ingress-controller-wildcard-staging True jxing-nginx-ingress-controller-wildcard-staging-tls 11d |
add_certificates() { | |
local envType=$1 | |
local secretName ns | |
kubectl apply -f <(sops -d cert-manager-utils/01-clouddns-service-account.yaml) | |
kubectl apply -f <(sops -d cert-manager-utils/01-cloudflare-api-key.yaml) | |
kubectl apply -f cert-manager-utils/02-clusterissuer-${envType}.yaml | |
kubectl apply -f cert-manager-utils/03-cluster-certificate-${envType}.yaml | |
# get the secret name | |
secretName=$(cat cert-manager-utils/03-cluster-certificate-${envType}.yaml | docker run -i --rm evns/yq yq -r '.spec.secretName') |